Welcome to
WinSecWiki!
This Wiki is written by
Randy Franklin Smith and covers all things Windows Security related. There are currently 751 pages.
Entire WinSecWiki RSS link:
EditPrimary content areas
Windows Security Log
I've documented every event found in the mysterious and poorly understood Windows security log! Explore this part of WinSecWiki to understand Windows security log events and how they relate to each other.
Windows Security Settings
This section of WinSecWiki covers every setting in Group Policy Objects under Computer Configuration\Windows Settings\Security Settings. And, to navigate this section of WinSecWiki, just follow the same structure. These are the same settings as those found in Local Security Policy (Local Security Policy leaves a few out). I describe each setting and provide a bottom line recommendation that I hope you will find practical for the real world. There's quite a few settings that aren't worth your time worrying about and I say so.
Organization
A wiki is fundamentally a flat list of articles and you can navigate WinSecWiki that way using
All Pages. But I've also created top level pages that correspond to the major content areas above and from there you can drill down using the most natural hierarchy. For instance, in
Windows Security Settings I've organized things all the pages according to the tree hierachy you find in Group Policy Objects under Computer Configuration\Windows Settings\Security Settings so you can navigate to a given setting in the wiki the same way you would in Windows. Of course full text searching is available for those needle in haystack quests.
EditParticipation
This wiki reflects the many years of consulting and research I've done on Windows security since Windows NT 3.51 came out back in the early 90s. But I realize I'm just one out of many other Windows security professionals like you and we can all benefit from your involvement. So please contribute. Here's how:
EditImprove the wiki
The approach of WinSecWiki is to leverage community but keep a clear distinction between researched and verified content and less rigorously verified community content. The wiki pages respresent what I believe to be accurate based on my research. Each wiki page has a discussion forum where the community can post questions, corrections, answer questions and generally discuss the corresponding wiki page and its topic.
Create an account now.
Please help me to improve the wiki by starting a discussion and recommending your change to the relevant wiki article. See below for more about discussions. Post an example of a obscure security log event, etc. We monitor discussions (and participate as time permits) and update the official wiki page when a discussion turns up something that merits a revision.
This wiki is based on ScrewTurn Wiki and you can get help on editing at
ScrewTurn Wiki Help.
EditDiscuss
Every single article has a dedicated discussion forum. Start a discussion if you have a question or answer or if the current page is locked and you have a recommended edit.
EditPolicies
Please review our
terms and conditions.
EditStay up-to-date
Every single article has a separate RSS feed as does the entire wiki so you can stay up-to-date with specific topics or the whole WinSecWiki. Here is the RSS link for the entire wiki: